How do you generate a security string in PHP?

I am building a login system for my website, however I have always used the $_SESSION variable before for remembering people l开发者_JAVA技巧ogged in, but this time they need to be remembered via cookies. The cookie will store their username and security code which I will also store in a database allowing me to confirm that they are the correct user. I have seen various approaches to this, however I would like to generate a completely secure string.

$_SESSION already uses cookies by default, so you don't have to change anything. Just make sure the use_cookies and use_only_cookies configuration options are set to on.

A secret is usually a random number, which you can compute its md5 and put it inside a cookie, this is how I do it for one of my applications ($salt is a unique large arbitrary string):

$rnd = mt_rand( 0, 0x7fffffff ) ^ crc32( $salt ) ^ crc32( microtime() );

$secret = md5( $rnd );

if you want to make it even more secure everytime you make a $rnd save it somewhere (in DB perhaps) and shift your next $rnd by its value and save that next $rnd in the DB...

I use the ASCII code with the function chr, from the character 33 to 126.

The function is like this:

$seed = "";
for ($i = 1; $i <= 20; $i++) {
    $seed .= chr( mt_rand(33,126) );
}
return md5($seed);

You could make a Cryptographically Secure Random String as suggested here

Here you generate a 32charater long string contaning (A-Z) & (0-9)

$token = bin2hex(openssl_random_pseudo_bytes(16));

# or in php7
$token = bin2hex(random_bytes(16));